[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] OT Hosting company scanning my Cobalt
- Subject: Re: [cobalt-users] OT Hosting company scanning my Cobalt
- From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
- Date: Fri Aug 16 09:38:04 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi Dan,
> BTW, speaking of illegal access: if anyone is grepping their access
> files, look for "w00t". It's a formmail hack attempt and reveals the
> email address the spammer is using to receive the output of a broken
> formmail. e.g.,
> www.airports.worldsbestdeals.com 24-168-45-54.nyc.rr.com - -
> [16/Aug/2002:08:54:09 -0500] "GET
> /cgi-bin/formmail.pl?email=f2%40aol%2Ecom&subject=airports%2Eworldsbestd
> eals%2Ecom%2Fcgi%2Dbin%2Fformmail%2Epl&recipient=tcatenaccio%40mail%2Eco
> m&msg=w00t HTTP/1.1Content-Type: application/x-www-form-urlencoded" 200
> 1628 "-" "Gozilla/4.0 (compatible; MSIE 5.5; windows 2000)"
>
> Note: f2@xxxxxxx is just the decoy. tcatenaccio@xxxxxxxx is the actual
> intented recipient of the info.
We're getting a variant of that about 2 or 3 times a day on one of our
servers. It's interesting the things people are scanning for and how they
reveal themselves in their own actions.
I wonder how many administrators actually check their Apache error logs?
It's a trivial mod to logcheck for those that aren't and want something that
will notify them nicely.
--
Regards,
Jonathan Michaelson
Commercial CGI Scripting, Web Hosting
Web-based Email, Homepage Creation and Live Help products
http://www.webumake.com